You’ve heard it said that a chain is only as strong as its weakest link. When it comes to your cybersecurity team, this adage couldn’t be more appropriate. If you want this team to perform with both diligence and accuracy, it’s critical that you consider the following:
First, every team member understands the importance of their role. Everyone on the team needs to be focused and performing well every single day to be effective—and they need to understand why that is so important. Even those team members with repetitive functions—like those in access/identity management, for example. They handle sensitive data and could inadvertently cause a cybersecurity issue if they’re not careful. They must remain vigilant and engaged. Simply telling everyone their job is critical isn’t impactful; instead, demonstrate how their jobs are critical to the health and security of the business by tying what they do day-to-day to the organization’s strategic goals.
Second, security is there to facilitate the business, not to work against the business. If even one member of your team takes on a “no can do” attitude for every management request, that will throw off the rest of the team. Emphasize to every team member that their job is to help the business find the most secure way to accomplish the need—security and the business should be partners. There will be times when you must deliver the message that the business request poses significant risk but it’s usually a business decision to accept that risk or not. If you focus on helping the business achieve its goals in a secure way that’s appropriate for what’s at risk, the times you need to say no will be rare. As a result, the business will be more likely to listen when those times come.
Finally, it’s critical not to overstate risk, but to keep the discussion logical and fact-based. As Celia Baker, President of the IntelliGRACS Group Inc., told us, “If you’re going to say the sky is falling, be sure it’s really falling—not just starting to rain.” Some security professionals may be tempted to craft dramatic cybersecurity messages based on FUD (fear, uncertainty, and doubt) to secure funding or make a point. That may work once or twice—but in the long term, management will stop listening. Ensure that every team member keeps their presentations solid and fact-based as risk is being communicated up the chain and across the business.
The above guidelines will be useful for managing your group, but you’ll also need the right people in place who can work well within those parameters. Below we’ve outlined seven skills, traits, roles, and responsibilities necessary for a well-rounded cybersecurity team.
Cybersecurity Team Structure: 7 Important Roles & Responsibilities
1. Software Development
Having someone on your team with secure software development skills is a huge advantage for a cybersecurity team. Many companies rely on external third parties for development, but it really helps strengthen a security program to have someone on board with the knowledge and skill set to be part of those conversations.
2-4. Threat Intelligence, Intrusion Detection, & Incident Management
Key to cybersecurity are monitoring and identifying issues before they happen, catching issues as quickly as possible, and taking the necessary steps after an incident has taken place—you’ll need team members who can handle these discrete but connected functions.
5. Risk Mitigation
Every member of your team should understand how to mitigate risk. It’s helpful here to have team members that understand controls and auditing. If you can think like an auditor, you can identify weak controls (cause risk) and then implement appropriate mitigation strategies.
6. Data Analytics
Do you have someone on your cybersecurity team who can look at raw data to identify patterns and cull out useful and actionable information? Knowing and understanding how to correlate and interpret data is critical for cybersecurity. If not, you need to be sure you hire for this or foster this skill as soon as possible.
7. The Ability To Work Across The Organization
More of a soft skill, this is still critical for every cybersecurity team member. You can have very intelligent team members with top-notch security skills, but if these individuals can't have relevant conversations with people in other departments in a manner that elicits cooperation, they’ll have more limited career opportunities, limited effectiveness in their current roles, and less opportunity for advancement. Not being able to speak the language of the business and other teams is a primary reason good technical people don’t advance beyond middle management. So be sure every team member knows how to work and communicate with other teams and other levels of management—knowing when to lose the tech jargon will go a long way.
Technology and security issues are both changing rapidly. Have you made a commitment to keep up with the latest trends, tactics, and threats that could impact your cybersecurity program? If not, start with the tips and structural suggestions above—and keep the momentum going from there!
Special thanks to Celia Baker, president of the IntelliGRACS Group Inc., for her insights on this topic.